If you were a patient of Cardiovascular Consultants, the large cardiology practice serving the Phoenix metropolitan area, your medical records may have been part of a 2023 data breach that exposed the personal and health information of 484,000 people. A class action settlement now entitles affected patients to claim up to $5,000 in documented losses and enroll in two years of free credit and identity monitoring. The deadline to file is July 1.
The breach is logged on the U.S. Department of Health and Human Services HIPAA Breach Portal, which publicly tracks healthcare data incidents affecting 500 or more individuals. HHS categorized the Cardiovascular Consultants incident as a hacking/IT event, and it is one of the largest healthcare breaches reported in 2023.
What was exposed and why it matters
According to breach notification letters sent to patients, the compromised data may include names, dates of birth, Social Security numbers, health insurance details, and medical records covering diagnoses and treatment histories. For cardiology patients specifically, that information can paint a detailed picture of chronic heart conditions, surgical procedures, and prescription regimens.
That level of detail makes the data valuable to identity thieves. Stolen medical records can be used to file fraudulent insurance claims, obtain prescription drugs, or build synthetic identities. Under HIPAA’s breach notification rules, Cardiovascular Consultants was required to notify every affected patient individually, report the breach to HHS, and issue a public notice given the scale of the incident. The practice completed those steps, which is how the breach entered the federal record.
How the settlement works
The settlement, reached through a class action lawsuit filed on behalf of patients whose data was compromised, offers two tracks of relief:…